The cybercriminals behind the Necurs botnet are now taking screenshots of victims' machines to improve the performance of ransomware attacks.
The cybergang operating the TrickBot banking Trojan were unusually active over the summer, launching new campaigns in Latin America and updating its code.
Threat actors are learning from ransomware attacks such as WannaCry by adding a features like a worm module to their malware.
TrickBot Habla Español: Trojan Widens Its Attack Scope in Spain, Brings Redirection Attacks to Local Banks
The TrickBot Trojan has been steadily ramping up its activity this year, going into a rather intensive period of updates and attacks that started in Q2.
The TrickBot Trojan, which recently tested redirection attacks in France, expanded its list of targets to include banks in Sweden and other Nordic areas.
According to IBM X-Force Research, the operators of the infamous TrickBot Trojan have been hand-picking private banks to target with redirection attacks.
Global cybercrime actors test their malware in small settings before launching internationally, leaving trails of clues to tip off astute security teams.
The cybergang behind the TrickBot Trojan has moved into Singapore, targeting the many multinational corporations that operate in the region.
IBM X-Force researchers reported that the TrickBot banking Trojan added new attack capabilities designed to target savings banks in Germany.
TrickBot has developed new attack methods specifically designed to target banks in Canada in addition to its previously established targets.